In an evolving effort to encourage sites to take steps toward a safer web, Google’s Chrome browser will begin to mark non-secure HTTP webpages as “not secure” (see image above), beginning with the release of version 68, due for release in July 2018.
Establishing a secure connection to a website is essential to ensure that any data exchanged between you and them is private and cannot be viewed by other parties. Currently, Chrome will indicate when a connection to a site is secure using HTTPS by placing the label ‘Secure’ with a padlock logo in green color to the left of the site address, however no indication is provided to the user that a connection to a site using non-secure HTTP, is in fact non-secure.
Rather than simply indicate when connections to websites are secure, Google would like to shift the dynamic by assuming that ALL website connections should be secure, and tell the user whenever a connection is not secure.
With the release of version 69 in September 2018, Chrome will replace the green ‘secure’ with padlock logo with simply a gray padlock, in another step to de-emphasize positive security indicators and emphasize to the user all site connections that are “not secure”.
When Chrome version 70 comes out in October 2018, the “not secure” indicator will have an even stronger emphasis by showing up in the color red alongside a red triangle with an exclamation mark.
Hopefully these developing changes will increase user awareness about the importance of connecting to websites securely, and motivate developers to migrate their websites to HTTPS, if they haven’t done so already.
~Ted Eiler